Re: [fw-wiz] Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls
From: Barney Wolff (barney_at_databus.com)
To: "Marcus J. Ranum" <email@example.com> Date: Tue, 26 Aug 2003 20:58:46 -0400
On Tue, Aug 26, 2003 at 05:07:46PM -0400, Marcus J. Ranum wrote:
> Sorry - I'm feeling extremely curmudgeonly today. In my inbox I had
> *5* reports of mission-critical networks that were taken down by
> various worms in the last week. Why's that? On the surface, the
> answer is "RPC bug" but the REAL answer is "people should not
> be connecting mission-critical networks to the Internet - even with
> firewalls." A small handful of us have been singing this song quietly
> in the corner for about 12 years, now. Is anyone going to ever "get it"??
Alas, for the latest round merely being not Internet connected would
not have been good enough. An infected immigrant laptop is enough to take
down any isolated net.
For a sufficiently rich and motivated org, I'd advocate changing the
Ethertype of IP from 800, just to make it harder to connect conventional
equipment by accident. Does even NSA do anything like that?
-- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. _______________________________________________ firewall-wizards mailing list firstname.lastname@example.org http://honor.icsalabs.com/mailman/listinfo/firewall-wizards